Ireland’s Data Protection Commission issued a report in which it was reviled that a complaint against LinkedIn lead to the regulator finding that the company used millions of e-mail addresses of non-LinkedIn users to target ads on Facebook.
The DPC conducted an audit and found that LinkedIn USA had processed hashed email addresses of approximately 18 million non-LinkedIn members without consent and targeted these individuals on the Facebook Platform with the absence of instruction from LinkedIn Ireland “with the absence of instruction from the data controller”.
“The complaint was ultimately amicably resolved, with LinkedIn implementing a number of immediate actions to cease the processing of user data for the purposes that gave rise to the complaint”. “As a result of the findings of our audit, LinkedIn Corp was instructed by LinkedIn Ireland, as data controller of EU user data, to cease pre-compute processing and to delete all personal data associated with such processing prior to 25 May 2018,” said the commissioner.
The question that remains unanswered however is where LinkedIn obtained these 18 million email addresses in the first place.